Photobucket Hackers Nabbed, Face Serious Charges From US Authorities

The U.S. Department of Justice said in a statement released Friday that two men, Brandon Bourret, and Athanasios Andrianakis, of Colorado Springs, Colorado and Sunnyvale, California, respectively, were arrested for their sale of software designed to breach the security of photo-sharing site Photobucket.com; their "Photofucket" app, says the linked Register report, was used "to plunder Photobucket's users' private and password-protected information, images and videos, it has been alleged ... The charge sheet against Bourret and Andrianakis details one count of conspiracy and one count of computer fraud, aid and abet – both of which carry a maximum prison sentence of five years and a fine of up to $250,000. In addition, the men stand accused of two counts of access device fraud, which carries a higher prison sentence of up to 10 years and a fine of up to a quarter of a million dollars, per count." The indictment, filed in Federal District Court in Colorado, is far easier to read than many.

Re:Hacking a big corporation is like murder

I believe their "hack" was just guessing (common) filenames on urls, trying them and moving to the next guess.

When is the NSA going to be held accountable?

"...their "Photofucket" app, says the linked Register report, was used "to plunder Photobucket's users' private and password-protected information, images and videos, it has been alleged .."

Sounds exactly like any one of the many NSA programs that have been pointed out over the past year after Snowden relased info.

Re:When is the NSA going to be held accountable?

[SumDog]

Exactly what I was thinking. None of those people are in jail. Congress hasn't done a damn thing....probably because the spy program benefits the federal government greatly in expanding the American Empire.

"Hacking" goes a little far here..

The assets in question were not "protected" by passwords, they were stored on publicly accessible and easily guessable URLs. I mean, if by protected by password they mean anyone without the password could take common camera file names and type in an easily guessable URL without the password then well ya.
 

Re:"Hacking" goes a little far here..

It may not be wise to not protect yourself from stupid thugs, and their little exploit as expected, was neither ingenious, nor damaging in and of itself. What was unexpected was that morons that pound away at keyboards don't think conspiring to commit a crime, fully intending to cause damage aren't smart enough to know that the law treats assholes like criminals and criminals like assholes. I expect to hear the full range of liberal excuses offered in defense of these jerks, but it won't mitigate the next couple of years these sociopaths spend learning that acting like a like a stooge has consequences.
Ask Hillary Clinton what Bill is most famous for. Ask anyone. See what I mean? Being a stooge comes at a price.

Re:"Hacking" goes a little far here..

[Sqr(twg)]

So, the question is: Is it illegal to issue HTTP GET requests (that conform to all specifications and obey the robots.txt of the site in question) if the owner of the site didn't intent for the content at that URL to be available to you?

In other words: Is requesting a (non password-protected) webpage equivalent to representing yourself as someone who is authorized to access than page?

Re:"Hacking" goes a little far here..

[AmiMoJo]

The question is not how bad the security has to be. If you put up a "no entry" sign but otherwise don't lock your doors, it's still trespassing. If it is clear that the pages are supposed to be private, accessing them is illegal regardless of how lame the security is.

Unlisted pages that are marked as private by the user are clearly not supposed to be public. These guys advertised the software as being able to access private pages. It's pretty cut and dry.

Re:"Hacking" goes a little far here..

[mrbester]

Enough with this shit about "trespass". Property laws ate irrelevant. If a page is publicly available then it is public. If it isn't meant to be public then the onus is on the provider to make it private as in contrast to your house, the web is default public by design.

Re:"Hacking" goes a little far here..

[Sqr(twg)]

What if the sign doesn't say "no entry", but instead "feel free to request any URL that you want" ?

Re:"Hacking" goes a little far here..

[Opportunist]

By that logic you're guilty of "trespassing" if your browser, even without your interaction, loads a picture from one such area. So all a shyster has to do is send you a mail with such an image attached, your average "modern" mail client loads the pic when you preview the mail (or, worse, again without your interaction) and the next mail you get from him is a cease and desist letter (with a friendly "please pay this sum to settle this out of court" note attached).

Let's be grateful that the average lawyer who resorts to such practices isn't any better at IT than he is at law.

Re:"Hacking" goes a little far here..

In other words: Is requesting a (non password-protected) webpage equivalent to representing yourself as someone who is authorized to access than page?

I'd like to say if we apply common sense then the answer has to be "yes" - the internet wouldn't work if you had to get authorization before visiting a URL. Search engines would not be able to find and index new content.

However, the laws were written by politicians with little to no technological knowledge and as a consequence we don't really know what's legal and what's not. There are just too many use cases that were never considered. This is one of them, port scanning is another.

Re:"Hacking" goes a little far here..

While this is true, it doesn't seem to matter in "computer security" cases. I think in part because "a jury of your peers" is not what you get, a jury of my peers would know how HTTP works, instead you get a jury of users who don't know the difference between HTTP and HTTPS and the lawyers spinning the story to make the company in to a victim even though all the fault falls on them.

Re:"Hacking" goes a little far here..

[AK+Marc]

So is it trespass if you put up a "no entry" sign, and someone reads your house number from the street?

Re:"Hacking" goes a little far here..

[AmiMoJo]

The robots.txt and http server don't represent the legal intent of the users, and measures had been taken to keep unwanted people out, hence the need for the software. Nothing else matters, technical issues and poor security don't excuse these guy's actions. The fact that the server handed the images over is not an invitation to take them, legally speaking. It's like a petrol pump will fill your car up if you push the lever, but that isn't an invitation to take some free petrol.

Re:"Hacking" goes a little far here..

[tomhath]

Property laws ate irrelevant. If a page is publicly available then it is public.

If I can break the window of your car and pop the trunk open, does that make your laptop "publicly available" for me to take?

Re:"Hacking" goes a little far here..

[tomhath]

Trespassing means entering without the owner's permission; whether it was done intentionally or not doesn't matter.

So GP's logic is correct.

Re:"Hacking" goes a little far here..

[AmiMoJo]

The law isn't that dumb, it's clearly different if you accidentally stumble into an area you are not supposed to be in, or the warning sign isn't visible or whatever. That's clearly not what happened here though, these guys knew what they were doing. It was the only purpose of their software.

Re:"Hacking" goes a little far here..

What if you don't lock your doors, don't put up a no entry sign, and invite people into the property and just don't tell them about the "private" parts of the property under the assumption that the visitors won't think to go there? Are they still trespassing if they do?

Re:"Hacking" goes a little far here..

[Opportunist]

And now you try to convince a judge and a jury who can't tell one from the other. Good luck. I mean it.

Re:"Hacking" goes a little far here..

[mrbester]

Cars are public? Didn't think so.

Even if someone else popped the trunk, the car is still private. And this still has nothing to do with accessing a public URL.

Re: "Hacking" goes a little far here..

The tweaker who stole my laptop seemed to think so.

Re:"Hacking" goes a little far here..

[TWX]

So is it a crime to find a book or magazine in a huge library that isn't listed in the public library's card catalog system?

As I see it, if all they're doing is changing URLs to see what they find, that's what they're doing. Finding something that's in the public library, but not in the catalog.

Posting content on the Internet is publishing. Lots of content on the Internet is indexed by search engines or by the websites that publish it themselves, but not all of it is. If the content is accessible without prompting the requestor for a username and password, then it has been published where everyone could reach it.

If the victims didn't want their content seen, then they shouldn't have published it to the Internet. If they wanted it seen by only a few people, then they should have saved it somewhere that requires authentication in order to gain access to the content.

Re:"Hacking" goes a little far here..

[nitehawk214]

Agreed, these "private property" analogies fall apart badly. I could easily say something stupid like "If I put a sign on my house that says 'Do not look at my house under penalty of law.' and there is no fence or anything", is it enforcable? Of course not.

Re: "Hacking" goes a little far here..

The problem with the statement that posting content to the internet means "publishing" it is that it is not obvious that the content is POSTED in the first place. Home router natting here is seen as an excuses for a securit y joke, but I would dare anyone on Windows to unplug their router and just plug into their ISP unprotected with the firewall off on an unpatched, illegal copy of Windows. Many people have just that kind of setup unwittingly. They have no idea it has resulted in their home security system feeds being available to spiders, and probably windows SMB shares for those few % running Windows XP in China. It is not just business websites "publishing" anymore, but average joes whose only thought was the internet pipe is a looking glass to the outside, rather than a wide-open door.
Maybe my "dare" is already here: One day someone will publish some way to exploit the fact that IPv6 and Teredo running on all our computers makes the web just as unsafe for those who can figure out your IP. Given all the NSA spying and smartphone permission madness, I'd say the juicy bits may already be exposed even if you're not on Windows.

Re:"Hacking" goes a little far here..

[MoaDweeb]

Balancing the budget? :-p

Re:"Hacking" goes a little far here..

[CanEHdian]

Balancing the budget? :-p

Close, but no cigar.

Re:"Hacking" goes a little far here..

[Bing+Tsher+E]

The question is, is the line:

robots=off

in my ./.wgetrc file illegal?

Re:"Hacking" goes a little far here..

[Bing+Tsher+E]

damn, it's in my ~/.wgetrc file. Not sure what that *other* file is for.

Re:"Hacking" goes a little far here..

WTF? I see this all the time and I can't figure out. Intent matters. If I got to a banking website and steal a bunch of money is that okay, because I only issued GET requests? Lots of crimes differentiate between accidents and intent. These people knew what they were doing was wrong. They knew they shouldn't be accessing that data. Why in the world would you defend these scum on a technicality? Fine, maybe you'll understand XKCD. There's a huge difference between accidentally burning my house down and doing it intentionally. Even if I make the same fucking actions? Get it?

Re:"Hacking" goes a little far here..

[just+another+AC]

Ask Hillary Clinton what Bill is most famous for. Ask anyone. See what I mean?

NOT starting a war
NOT campaigning on ending war related atrocities by his predecessor and then changing his mind.

That is what many people think of when they think of Bill Clinton. The guy who just did his job.
If someone's biggest complaint about how you did a job is something not related to the job, you are doing alright.

Re:"Hacking" goes a little far here..

Yes, and people have been convicted of that in the US before - many of the famous Apple "hacks" where simply changing a character in a URL

Re:"Hacking" goes a little far here..

It's trivial to balance the budget. All you have to do is place more spending in the off budget columns.

If you look at actual debt growth during the Clinton administration, you'll find that every single year ended up with higher Federal Debt. Americans aren't too good at seeing through political games, especially if it's in "their" party. Party on Garth...

Re:"Hacking" goes a little far here..

If programmers were perfect... it would not happen. It was called NAVIGATING to guess pages and get the prize, some old websites even relied on it and were not connected, which is why we needed indexes, not the ideal superspider webbing the whole web. I did find once gov regulations by chasing direct URLs which otherwise I would not know of and definitely favor me! Though, of course, if the URL itself is the password... that is another matter! I did implement such client side security scheme once, so I know what I mean and definitely, if it IS a password in the URL, it has exactly the same security as a password, only it is in the URL. I think it is more schizophrenic/telepath hunting games only, but it may create a very, very, very bad jurisprudence. djb

Re:"Hacking" goes a little far here..

How then do you propose dealing with access related to persistent links? Photobucket's privacy settings are toggled by the user. If I were to obtain a URL to an asset while the account holding it was set to public and use it in some form of persistent link on my webpage or blog, am I still culpable for any "unauthorized" access that occurs if the user at a later date decides to set his account to private?

Re:Uhuh

[MobSwatter]

You are confused at the terms provided for above the law, like STASI terms that we live under today. Do as I say, not as I do but that vindicates the mob who helped gain control of the 'political theatre' and get votes and steer the masses. This will escalate, absolute power breeds absolute corruption, they had that over the mind in the 50's here and from Hitler's toy box, your digital shit ain't nothing at all compared to invasion and manipulation of your life they have fed you. Sick, power hungry mofos, there really wasn't a way that this couldn't come back on them, mind control was not determined to be reliable, but they did it anyway simply for power. -stupid fucks.

Seems a bit harsh

[complete+loony]

Pointing out a flaw in someone else's software should not, by itself, be a criminal act. Once the information is public, automating the exploit could be done by anyone proficient in the art.

But selling a tool that uses the vulnerability? They crossed a line, but throwing the book at them seems a little harsh.

Re:Seems a bit harsh

[rtb61]

If you read the indictment, they did not just create the code, they actually used it themselves and showed others how to use it by demonstrating it. Now of course comes much greater consequences, their customer base is also in the firing line and they will all be turned over for a reduced sentence. This could lead to a whole bunch of crimes being exposed.

Re:Seems a bit harsh

[antiperimetaparalogo]

Pointing out a flaw in someone else's software should not, by itself, be a criminal act. Once the information is public, automating the exploit could be done by anyone proficient in the art.

But selling a tool that uses the vulnerability? They crossed a line, but throwing the book at them seems a little harsh.

My latest comment, just before i write this, is an answer to a fellow Slashdoter that complained that i am a "Greek attention whore" - now you complain because Athanasios Andrianakis (the second one that was arrested) is a Greek(-American) hacker that develops and SELLS software. And then i read all these stuff about "the lazy Greeks that must work and pay back their loans". What is wrong with you barbarians? Make up your mind! What do you want from us Greeks? The guy apparently is a honest men trying to do the right thing - earn some money, make some payments, you know... help the economy.

On a more serious tone: his software designed to plunder private and password-protected information by breaching the security of a site, and since the saying in Greece is like "prison bars are for brave men"... our mister brave, should be brave now!

Re:Seems a bit harsh

[Hognoxious]

What do you want from us Greeks?

Olives. Have you got anything else?

Re:Seems a bit harsh

[Pieroxy]

Olive oil isn't bad in this corner of the earth either.

Re:Seems a bit harsh

[antiperimetaparalogo]

What do you want from us Greeks?

Olives. Have you got anything else?

No olives for you barbarian... only cheeseburger!

Re:Seems a bit harsh

[Opportunist]

Then I guess I'm a criminal too. My job is to find flaws in security and show how to exploit them. Of course this entails creating tools that allow me to demonstrate it.

Great. Is the ITSEC industry supposed to come alphabetically, by size or by importance? We don't want to cause a traffic jam at the jail gates.

Re: Seems a bit harsh

Hmm, that's interesting. I worked at a malware analysis and research firm for a while, and they sold exploits with software to carry out those exploits to anyone that could afford it. Why is that a legal practice for a company, but not for an individual?

Re:Seems a bit harsh

[CanEHdian]

If you read the indictment, they did not just create the code, they actually used it themselves and showed others how to use it by demonstrating it. Now of course comes much greater consequences, their customer base is also in the firing line and they will all be turned over for a reduced sentence. This could lead to a whole bunch of crimes being exposed.

If you remember the Aaron Barr/HBGary e-mails, which preceded the Snowden revelations by years, it was already obvious that there was a whole subculture of businesses who bought and *sold* 0-day exploits (HBGary's boss called them 'Juicy Fruits"), of course with the obvious intent of being used against non-censenting targets. So if these Photobucket guys are guilty, let's start filing suits against the dark "security businesses" of this world.

Bigger Fish

[ChadSmith4920]

So Chinese college students are reading Obama's unclassified emails and these guys are busted for hacking ebay photos. :-D

Re:Bigger Fish

[St.Creed]

The Chinese students were probably smart enough to do it from outside the USA's jurisdiction...

Re:Bigger Fish

[Fnord666]

So Chinese college students are reading Obama's unclassified emails and these guys are busted for hacking ebay photos. :-D

No, they were busted for selling software that let others hack eBay photos. I'm not sure how this is any different than the guy who created the website that helps you break into Master padlocks. Both have legitimate uses as well as nefarious ones.

Re:Bigger Fish

[Fnord666]

I guess I should have read the indictment beforehand. Apparently they also hacked into Photobucket themselves and sold the access or photos to others. That's very different.

Huh

[koan]

Those penalties seem overly harsh.

Re:Hacking a big corporation is like murder

[MobSwatter]

In the eyes of the courts. They're fucked.

Not really, system has been gamed, it is 'fixed'. It has a lot to do with how much money they made and how much they are willing to give up to maintain freedom. This is where you will notice justice went out the window a long time ago, justice is bought/sold/traded on a daily basis.

those doods should walk

What the hell is wrong here? These guys are going to do time for an attack based on a jurrassic flaw? Isn't this crap in books on the subject with titles like "don't ever set up a website like this"!

Photobucket's punishment?

[hawguy]

How much jail time did Photobucket executives get for allowing such lax security in their app in the first place? Must be at least twice the 5 years that these two are getting. Maybe more. Right?

Re:Photobucket's punishment?

If I leave my car door unlocked, does that give you the right to steal my stereo?

Re:Photobucket's punishment?

In Alabama it does (penal code section 443(a).12)

Re: Photobucket's punishment?

Wrong car analogy. Let me fix it for you:

If I pay you to park my car, and you leave it on the street, unlocked, with the Windows down. Then yes. You should pay damages to the owner.

Re:Photobucket's punishment?

[hcs_$reboot]

How much jail time did Photobucket executives get for allowing such lax security in their app in the first place? Must be at least twice the 5 years that these two are getting. Maybe more. Right?

In the eyes of justice, the intention is worth more than the act.

Re:Photobucket's punishment?

Nope but they can download a copy of it.

Re:Photobucket's punishment?

[hcs_$reboot]

But if you leave your window opened, can I record from outside the music you are currently listening to?

Re: Photobucket's punishment?

[NotInHere]

And what if your only objective is price, and you give the keys to the shady guy who claims to offer a free service?

Re:Photobucket's punishment?

Attempting to secure data and trying to unsecure data are not the same. Maliciousness.

And since I just exposed the flaw in your morality is it now ok for me to abuse you?

--

Re: Photobucket's punishment?

[Opportunist]

Then we will laugh at you and mock you and ridicule you for being a gullible moron.

But the shady guy still goes to jail if he gets caught.

Re:Photobucket's punishment?

Tell that to all the drunk drivers who "intend" to get home safely, but end up killing people. The ones who don't kill people had exactly the same intent but the punishment for the former is double digit years in prison and for the latter is maybe a slap on the wrist if it's not their first offense.

Re:King Frosty the First

[MobSwatter]

I'm royal.

So what is YOUR connection to the Spencer family? or is it just a 'royal PITA' you are accepting credit for? If so, the Hollywood fire hydrant, and duct tape is for you dude, your fantasy's fulfilled. Now go away and let the people sort this shit out.

Man talk about straight out if Sci FI

[future+assassin]

you get more time for hacking a corporation then you do for manslaughter.

Re:Man talk about straight out if Sci FI

As should be the case. the hacking is a malicious, intentional act, with forethought and planning. Manslaughter by definition is neither intentional nor malicious and was done without forethought. One is a crime you intentionally set out to do the other is circumstance/random/accidental.

Re:Man talk about straight out if Sci FI

[l0ungeb0y]

By that definition, shoplifters should get 20-30 years. You are one fucked up individual if you think these twerps deserve what amounts to a life sentence over grabbing some nudies. Three to Five years? Sure -- but people like you who support these totalitarian policies are the reason why our country is turning into a Fascist Police State. So fuck you very much for helping to burn our freedoms to the ground you fuck.

Re: Man talk about straight out if Sci FI

Um, no. Our freedom is not based on your ability to look at things that are NOT yours with impunity. Software, like bank vaults, should be secure. Just like bank vaults, people who decide to circumvent software's security (even if it is merely security by obscurity) and steal information should be penalized.

I am no more impressed with your ability to "hack" a password than I am with a bank robber's ability to crack a safe. Go to jail, go directly to jail, do not pass go, do not collect 200 dollars.

Re: Man talk about straight out if Sci FI

What's wrong with long sentences for shoplifting? Stealing is wrong.

Re: Man talk about straight out if Sci FI

[Opportunist]

Actually, a bank robber's ability to crack a safe amazes me heaps more than being able to crack a password. Not only are these things usually much tougher to break than passwords, it's also something I can't do, and I do admire people who have skills I lack.

Re: Man talk about straight out if Sci FI

[Opportunist]

The relative length. Punishment should be on par with the crime. Else, things escalate. Allow me to give you an example.

Time and again I hear people call for people who rape, especially if the victim is underage, to be charged like murderers. I can only say that this is a very dangerous proposition. If the charge for rape is the same as for murder, every rape victim WILL be murdered if the culprit is smart. The chance for detection goes down (one less witness) while the punishment stays the same. There would be exactly zero deterrence for a rapist from killing his victim.

There is a reason why theft (stealing without violence) carries a lower sentence than robbery (stealing with violence or with threat thereof). While criminals usually don't really think about possible punishment in the moment of action, they do so when planning. And when my plan tells me that more violence does not lead to more punishment but less chance to be detected, more violence it is.

Re: Man talk about straight out if Sci FI

Is it really commensurate with the value of the item?

How about 30 years for stealing a doughnut? That's what the first 3-strikes case in California got.

F that, I don't want to pay for that.

Re:Man talk about straight out if Sci FI

If these guys have the same attitude as you, then I'm for the death penalty for doing this,

Re: Man talk about straight out if Sci FI

[AK+Marc]

If the charge for rape is the same as for murder, every rape victim WILL be murdered if the culprit is smart

So one murder, one rape, working out to consecutive live sentences without parole is fine, and everyone committing rape/murder is thinking clearly and logically at the time.

I think I see some holes in your logic.

Re: Man talk about straight out if Sci FI

[Opportunist]

If more than "one whole lifetime" matters to you, you must be a very religious person.

If I'm already going to jail for life once, why the fuck would I care for another sentence on top of that?

Re: Man talk about straight out if Sci FI

[AK+Marc]

Because most murders don't result in a life sentence. So 40 years vs life * 2 would make a difference.

Also, nobody contemplates the penalties before deliberately choosing to commit a crime, aside from corporations. Most throw a first major felony into "ruins my life" category, and the minutia of rape vs rape+murder sentencing wouldn't be a thought. Not to mention that very few crimes are committed by a first-time offender, so the problem is the prisons breeding criminals, not the "good" people acting up. And only the "good" people would consider the consequences of being caught before doing something, so the minutia of sentencing is (effectively) never taken into consideration for violent crimes.

All calls to change sentencing for violent crimes are punitive, not prevention. And "tough on crime" makes more, not less crime, as the poorly treated convicts with no real life prospects after have no choice but a life of crime, and years of study of crime in prison, since so many want to deny them any other diversions.

Re:Man talk about straight out if Sci FI

[Bing+Tsher+E]

You are one fucked up individual if you think these twerps deserve what amounts to a life sentence over grabbing some nudies.

The thing you need to understand is that Big Data needs us to trust that it's safe to put all our stuff on their servers. These 'twerps' erode that trust badly. How is Google going to mine our data if we don't put it out there because we've been scared off by their little brothers in the surveillance business. So obviously these guys need to be made an example of.

No sympathy is deserved for these idiots.

These assholes did things they had no moral right to do. They deserve to be punished because they actually committed intrusions, which is
behavior that is fundamentally different from merely exposing a security flaw.

To those of you who are spouting off the bullshit "moral relativism" arguments about how the NSA or Obama or some other government entity does things which are wrong "therefore anyone else who does similar stuff should not be punished" : Your thought processes are deeply in need of repair and your personal moral code is as well. A decent human being doesn't look for excuses which will justify or excuse bad behavior ; a decent human being does what is right because it is the right thing to do and avoids doing what is wrong simply because it is wrong, even if no one is watching.

Re:No sympathy is deserved for these idiots.

[l0ungeb0y]

Take your sense of morality and shove it right up your ass. What about punishment fitting the crime? And what about this glaring double standard between the Fascist US Gov't who knowingly hacks systems all over the world bringing "justice" upon a couple twerps for doing the same thing they do? I don't hear anyone calling for them not to get their wrist slapped -- but 30 years in prison and a half million or more in fines? You have no morality at all if you think that is in anyway fair or just. And those who talk about the criminality of not being a decent human being usually turn out to be very disgusting and disturbed individuals.

Re:No sympathy is deserved for these idiots.

These assholes did things they had no moral right to do.

Morality can fuck right off. What matters is Legality.

A decent human being doesn't look for excuses which will justify or excuse bad behavior ; a decent human being does what is right because it is the right thing to do and avoids doing what is wrong simply because it is wrong, even if no one is watching

Ah, the "no true Scotsman" fallacy alive and well I see. Pray tell, what is the 100% agreed-upon criteria amongst all people for what "right" and "moral" means?

they actually committed intrusions

Technically no they did not. They accessed URL's which were publicly accessible, but which were not publicly published. It's somewhat of a gray area legally, but from a purely technical viewpoint since the resources were publicly accessible with no protections the access is not really 'unauthorized'.

Re:No sympathy is deserved for these idiots.

It hardly seems more serious than a search engine that fails to look at robots.txt and indexes content anyway.
They went about it in kind of a nasty way, but “Unauthorized access into a secure computer system” should require at least a remedial level of security. Otherwise, I could just put up a public web site, post a bunch of "private" photos on it without publishing the links, and then watch the logs for all these unauthorized criminals to commit a federal crime by accessing them... Profit?

Re:No sympathy is deserved for these idiots.

Well, if we're going to discuss morality, it is worth a mention that those accounts were most likely not being accessed to gain access to mundane "day in the life of" type images and videos. It's also reasonable to assume that they were uploaded there, not for safe keeping, but for sharing. So, somehow the privacy angle starts to erode for me.

Re:No sympathy is deserved for these idiots.

[Opportunist]

Punishment is not the question, what's questionable is the length of the possible punishment. How fucked up is your law that something like this can carry a two digit jail time?

Re:No sympathy is deserved for these idiots.

[St.Creed]

You won't play tough keyboard guy anymore with that keyboard lodged up your ass.

sayeth Anonymous Coward.

Re:No sympathy is deserved for these idiots.

[turp182]

So let's punish the NSA first, because we know they have it all. And they are watching.

Decent human beings... Insightful.

Re:No sympathy is deserved for these idiots.

[Bing+Tsher+E]

Your comment is 20% less anonymous.

Re:No sympathy is deserved for these idiots.

[CanEHdian]

Welcome to the Star Trek: We're Back fan movie website!

Episode downloads:

1. www.strekwb.test/episode1.mp4
2. www.strekwb.test/episode2.mp4
3. www.strekwb.test/episode3.mp4

Episode 4 is ready and we sent the download link to a few people who we think are better than you and get to see it first!

You're a foul, devious, stinking criminal if you think of trying www.strekwb.test/episode4.mp4 just for the heck of it.

Re:No sympathy is deserved for these idiots.

[Bing+Tsher+E]

I can put the line:

robots=off

in my ~/.wgetrc file and it will happily hoover all the data on your web server. As intended. I can even change the user agent so you don't know I am connecting with wget.

Responsible server operators can block the IP of clients who do stuff like that. Some even block dynamically, i.e. if you're obviously mirroring their whole site they cut you off midpoint.

Re:No sympathy is deserved for these idiots.

The US Constitution protects against cruel and unusual punishment. Sexual assault falls under cruel and unusual punishment. Full stop. Sexual assault isn't funny or a proper punishment for any reason. We shouldn't be advocating or celebrating sexual assault in US prisons. It is very sad.

WTF

Prison? The NSA needs to hire these guys!

Re:Uhuh

You are confused at the terms provided for above the law, like STASI terms that we live under today. Do as I say, not as I do but that vindicates the mob who helped gain control of the 'political theatre' and get votes and steer the masses. This will escalate, absolute power breeds absolute corruption, they had that over the mind in the 50's here and from Hitler's toy box, your digital shit ain't nothing at all compared to invasion and manipulation of your life they have fed you. Sick, power hungry mofos, there really wasn't a way that this couldn't come back on them, mind control was not determined to be reliable, but they did it anyway simply for power. -stupid fucks.

Is your translation software broken?

Re:Uhuh

You are confused ...

Your post borders on the sort of incoherent babbling one might hear from
a schizophrenic who preaches on a street corner.

Next time, sober up before you attempt to set the rest of us straight.

This is a crime worse than murder

[l0ungeb0y]

So it only goes that they receive a fate worse than death. Place them under house arrest and block all network access except to 4chan -- which they shall be forced to moderate. To ensure they actively moderate, they will wear a shock collar around their neck which will administer increasingly painful jolts to prod them into action

Re: This is a crime worse than murder

If Internet access becomes a utility there could be a day where you lose your connection as a societal punishment

Re: This is a crime worse than murder

[l0ungeb0y]

Not at all. You don't see laws revoking water and electricity as punishment. In fact, presently it's quite common -- if not standard practice to take away internet and computer access for 3 - 5 years as a condition for parole. Making the Internet a utility would end that as it would raise Constitutional challenges.

Re:This is a crime worse than murder

I'm pretty sure the 8th Amendment explicitly forbids cruel and unusual punishment...

I wonder

If this War on Hacking will go as well as their War on Poverty and their War on Drugs....

Re:I wonder

[l0ungeb0y]

No, pretty soon they're going to drop the pretense and just start calling it what it is: "War on the People"

Re:I wonder

It's not a war, it's afternoon plinking.

Re:I wonder

[St.Creed]

Of course they won't. Even Stalin and Mao never sold their mass murders as anything other than "War on {criminal flavor of the day}".

Re:I wonder

[Bing+Tsher+E]

What do you mean, 'Even Stalin'? His acts were as mainstream as it gets at the time, and the people running the Western Media were enthusiastic about covering it up.

Mao had a very closed up environment to work in. Western Journalists weren't touring through China in useful idiot mode during the worst of his atrocities, like the dupes in Russia.

Re: Uhuh

Might I suggest you endulge in your preferred $party_favor before reading slashdot?

Re:Uhuh

I tried running it through Google Translate, to various languages and back. Surprisingly, it changed virtually not at all. It's as if it's already been run through a translator repeatedly. That, or the guy is a total wingnut.

dem haxx0rz r in ur bucketz nao

As long as we keep using deliberately vague terms we can just accuse anyone of anything and get them convicted, too. We certainly don't need to even try and understand wtf they did. They "hacked" and that's damning enough already. Justice prevails!

sounds firmiliar

[Gravis+Zero]

one count of computer fraud, aid and abet – both of which carry a maximum prison sentence of five years and a fine of up to $250,000

that sounds familiar.

Re:sounds firmiliar

[someone1234]

They were not too successful in selling that app. Otherwise it would be multiple counts.

Re:King Frosty the First

I'm your king. Bow to me! Like my dynasty, of which I am First, my FP is eternal!

No but feel free to take a picture of the stereo..

Or for that matter, feel free to take my picture if I'm standing out in public wearing a mask to obscure my face, but the mask is actually made of transparent plastic and does nothing.

Throwing the book

[Iamthecheese]

Although the maximum penalties are, in my opinion, way too high I'm just happy they're not adding on the dozens of fraud, cracking, and illegal access charges I'm so used to seeing. One charge of violating each actually applicable law is a refreshing change. I wonder if this is a signal the abuse of plea bargaining and DA threats has stopped?

Re:Throwing the book

[Opportunist]

I'd rather say that it's a sign the DA doesn't know how to apply those charges.

Never attribute to sanity what can sufficiently be explained by incompetence.

It was really password protected?

I have the suspicion that if it was that easy to see the photos, these where not really password protected.

Same amount you get for your lax home security

[Sycraft-fu]

I mean when someone breaks in to your house, you should go to jail right? After all, your home security sucks. I don't care if you think it is good, it sucks. Virtually nobody bothers with good home security.

So you should go to jail if someone breaks in... ...or maybe you should reexamine this "blame the victim" attitude so many geeks have with regards to hacking.

Re:Same amount you get for your lax home security

[mrbester]

Your home is by default private. The web is by default public. The assumption that a public page is private just because it has your name on it is risible.

Re:Same amount you get for your lax home security

"I mean when someone breaks in to your house, you should go to jail right? After all, your home security sucks. I don't care if you think it is good, it sucks. Virtually nobody bothers with good home security.

So you should go to jail if someone breaks in... ...or maybe you should reexamine this "blame the victim" attitude so many geeks have with regards to hacking."

'the middle east has oil, so we should mock their leaders and invade them TWICE. the usa has violated international law twice. 'but they didn't have a superior fighting force and weren't burning the oil so we had a right to invade them!

Re:Same amount you get for your lax home security

Hah, something like that happened here. Some burglars entered a home, and they tried to steal a heavy object. The stairway collapsed under the weigth (apparently was not installed according to regulations...) and the homeowner had to pay a significant amount of money because one of the burglars sustained a back injury from the fall.

Re:Same amount you get for your lax home security

[AK+Marc]

If someone walks into an open store, tries on some clothes, taking photos in the fitting room, and puts everything back and leaves, is that "theft"?

Re:Same amount you get for your lax home security

CITATION NEEDED. Or It's BS.
If the event actually occurred, the more it's publicized the better.

Not sure where you live

[Sycraft-fu]

Here manslaughter is a Class 2 Felony. That means 4 years minimum sentence (or 3 years minimum if there are mitigating circumstances), 10 year maximum (12.5 if there are aggravating circumstances). This is presuming first time offence, and only one count. A repeat offence can bring it up to as much as 35 years.

So no, doesn't look higher to me. Remember there's a difference between maximum and minimum. When a sentence is "up to" that means "the absolute maximum a court may sentence for a given offence." Usually, there's a fair bit of range in a sentence since the idea is a judge will consider the factors of the individual case.

Re:Not sure where you live

[Ramze]

Depending on the state, sentences can even be active (prison time), probation, and/or community service. They can also be commuted so that the record shows you're guilty and sentenced to X years, but you serve no actual time. North Carolina has a "Prayer for Judgement Continued" option for judges to basically accept a guilty plea for even some felonies, yet give no punishment or sentence, so the person is guilty, but not convicted because a conviction requires a sentence. (This works by pleading guilty, praying for the judge to continue the judgement/sentencing at a later time - say 2 or 3 years from that date... and then the judge decides after that time not to sentence you if you have obeyed the law within that time frame.) Then, there's also deferred prosecution for first time offenders which many states have -- this lets you plead guilty to a crime, abide by certain rules, and then the prosecutor agrees not to take the case to trial and simply drops the charges after you've completed all the requirements. They then tear up your guilty plea and let you seal and/or expunge the record of your arrest, too.

Murder

They went to this effort, very publicly, to steal teenagers twerking videos.

Fuck, with that sentence, they could have went out and kidnapped teens and forced them to twerk, then killed them, and still get a lesser sentence.

Re:Murder

[Opportunist]

Don't worry, the next ones will do just that. As you said, it's "cheaper" if you get caught. And probably easier to pull off, too.

They face "Serious" charges?

When does anyone ever face "Silly" charges? Well, I guess it's rather silly getting arrested and being charged with the self-referencing offense of "Resisting Arrest".

hellp

how to make internet speed hack.plz help me.Free Shopping Coupons

Or...

[sycodon]

Or...It's bad enough when Obama/Bush/Hillary but here we have two yahoos who would let anyone do it.

Re:Or...

[Bing+Tsher+E]

Hillary's email server is very secure.

They didn't have yahoo hosting it. Bill said they were too expensive.

Don't Take My Shit

Western Society only works because of a few million pages of laws that essential come down to two basic points:

1. Don't hurt me.
2. Don't take my shit.

If everyone simply obeyed these two dictates, then this would be much better world.

So if I leave my windows down, don't take my shit.
If I leave my door unlocked, don't take my shit
If I put pictures in the "Cloud...a loathsome word only really embraced by ignorant marketing weenies), Don't take my shit.

And Taking My Shit includes copying it. Fuck you and your legal hair splitting. If it's not yours, leave it the fuck alone.

Come on, this is a basic principal taught in preschool and Elementary school.

Don't Take Other People's Shit!

Re:Don't Take My Shit

[mrbester]

Put your shit on a publicly accessible site? Fuck you if you have a problem with people accessing it.

The web doesn't belong to you. The server your shit is on doesn't belong to you. If you don't want personal stuff being publicly accessible don't have it somewhere that enables that.

Fuck off with your "mine" schoolyard bullshit. You're like the tossers who think Twitter is a private chatroom with invites for participation who have the nerve to get annoyed that their conversations can be interrupted by anybody with an account.

He does it for free

[Guppy]

So it only goes that they receive a fate worse than death. Place them under house arrest and block all network access except to 4chan -- which they shall be forced to moderate.

Prisoners usually receive some token payment for their work, though. 4chan janitors do it for free.

It depends...

...if my home is full of medical records then HIPAA says yes i go to jail for lax security.

Riddle me this...

[CaptainOfSpray]

Why does anybody, anyone at all, still believe in this "cloud" thing? Any person or company that stores anything personal/private/confidential/valuable in "cloud space" is Just Asking For It.

I speak as a person with 50 years experience in IT. The lesson of those years is - You cannot, must not, trust Other People with your precious jewels. The human race does not just have malicious individuals; it is 80% composed of lazy incompetents who don't pay attention and can't keep promises.

Re:Riddle me this...

[Bing+Tsher+E]

The cloud deal is living, even thriving. The car and boat payments of countless fucks depend on us trusting it forevah. My company recently replaced the Exchange servers with gmail. We all had to install Chrome and we log into the googleplex each morning.

I now use IE at work (imagine the irony in this!) for most browsing, explicitly not logged into Google, as a privacy practice.

Re:Uhuh

[MobSwatter]

Alrighty then, what would be your reasoning for the implementation of fascism and the resulting wide spread corruption?

Re:Uhuh

[MobSwatter]

Yeah, I'm a 'wingnut' alright... the OXCART type, but I support the non military application of it..

Photofucket

[eulernet]

From what I read there: http://photofucket.software.in...

It appears that Photofucket is a backup tool for downloading pictures from your Photobucket account, if you have the login/password.

Otherwise, it will simply bruteforce all urls (probably by using counters with base filenames) in order to grab the pictures.

Unless they collected the passwords entered by their users, I don't see any crime here, except the offensive name for Photobucket.
WTF ?

I am actually quite happy...

For whatever reason Photobucket was the only site I ever created a truly unique password for which is completely different than any other site I have an account with. If they stole that login info, it will be completely useless to anyone unless they wanted to use my account to host illegal content on the site. Hooray!